CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 3CVE-2007-6198 – BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6198
portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter. El elemento portal/server.pt en el portal Plumtree de BEA AquaLogic Interaction, desde la versión 5.0.2 a la 5.0.4, y la 6.0.1.218452, permite usar caracteres comodín (*) en búsquedas avanzadas para nombres de usuario, lo que permite que atacantes remotos obtengan listas de usuarios válidos usando el parámetro in_tx_fulltext. • https://www.exploit-db.com/exploits/30822 http://procheckup.com/Vulnerability_PR06-11.php http://secunia.com/advisories/27840 http://www.securityfocus.com/archive/1/484469/100/0/threaded http://www.securityfocus.com/bid/26620 http://www.securitytracker.com/id?1019004 http://www.vupen.com/english/advisories/2007/4040 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 2CVE-2007-6197
https://notcve.org/view.php?id=CVE-2007-6197
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. El portal Plumtree de BEA AquaLogic Interaction, de la versión 5.0.2 a la 5.0.4, y la 6.0.1.218452, permite que atacantes remotos obtengan números de versión y nombres de máquinas internas, leyendo los comentarios en el código HTML de cualquiera de sus páginas. • http://procheckup.com/Vulnerability_PR06-08.php http://procheckup.com/Vulnerability_PR06-09.php http://secunia.com/advisories/27840 http://www.securityfocus.com/archive/1/484467/100/0/threaded http://www.securitytracker.com/id?1019005 http://www.vupen.com/english/advisories/2007/4040 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •